Solved

No Webfiltering in IE 11 or Chrome

  • 20 November 2013
  • 57 replies
  • 373 views

Userlevel 2
Hi..............I just installed WSA 2014 and so far I am not impressed. Please fix my problem. I have uninstalled and reinstalled 2x. There is no webshield/filter running or installed in either IE 11 or Chrome. I am using Win 7 Home Premium 64bit. There is also an ongoing thread at Wilders. I do not even have the crx file listed by Triple Helix. So what gives? IThe eicar test does not even get blocked. Thanks. 
 
http://www.wilderssecurity.com/showthread.php?t=356072
icon

Best answer by RetiredTripleHelix 3 December 2013, 01:54

View original

57 replies

Userlevel 7
Hi GTR707
 
Understand where you are coming from here but let me try to reply to each point specifically before you completely give up on WSA. ;)
 
Normal plain old install. Completely removed avast using the avast uninstaller. Cleaned up any left overs and rebooted.
 
Baldrick - Perfect approach
 
Installed WSA and downloaded the eiar test file usign Chrome. No detection. No alarm.
 
Baldrick - I have done the same and it does not warn or alarm given the way that I advised that WSA works...until the malware goes active it will not be intercepted/reported...but in the case of eicar...WSA knows what it is and so ignores it...as do some other AVs I know.
 
Downloaded using IE 11. No detection. No alarm. Nothing in logs.
 
Baldrick - as per above.
 
Did a scan and it was detected.
 
Baldrick - in this case because you are scannng it will report, etc.  That is how WSA works.
 
Does WSA have website ratings when you Google stuff like WOT?
 
Baldrick - Yes, it does; and in fact Webroot is just rolling out a new version to the user base via silent updates, so it is possible that you would not yet have had it with what you installed.  I have received it and it provides the rating of search results in IE, Chrome & Firefox, etc.
 
How come there is no Chrome plugin to be found?
 
Baldrick - As stated above there is cover for Chrome in the new Threat Shield that is being rolled out (slowly), but you are still well protected by WSA even if yo have not yet got it.
 
Unisntalled WSA and tried again. Samething. Downloaded some malware samples and "none" where detected.
 
Baldrick - Not surprised given what I have advised in terms of what you said about your first install/testing.
 
All verifed using Virustotal. Scanned with MBAM and all 4 samples were detected.
 
Baldrick - At the risk of being boring the reason for this is what I have already advised, i.e., that the WSA protection philospohy/the way it works is different to what I would euphamistically called 'traditional' solutions. ANd I have to admit that it does take some time to get used to/trust...but that is because we have been brought up on the 'traditional', etc.
 
I was done with WSA.
 
Baldrick - Far from me trying to convince you I will try to find some links to articles to support what I am saying so that hopefully you can make an informed choice.
 
Mounted my stored image with avast. Sorry but I have tried every av out there and never have I ran accross something like this. Heck even Comodo detects more. Thanks anyways.
 
Baldrick - One last thing...it is not about just detection (but I am sure that you know this) but also about prevention/interception & correcting...all of which WSA IMHO does very, very well.
 
Anyway, I hope you will consider what my responses and take a fresh look at WSA. :D
 
Please feel free to post back if yo do so decide and have more questions.
 
Regards
 
 
Baldrick
 
Userlevel 7
That VT link for that infection is for a file (that is marked bad in our database a scan should remove it now) that has been seen on a grand total of two PC`s from our user base. Thats 2 PC`s out of out millions of active users (your PC is one of those the other is a AV test box). Its not like its unknown on hundreds of thousands of PC`s! If you reply with the MD5`s of the other samples I can check them out.
 
As had already been mentioned we operate so completely differently to other AV`s. We see infections all the time before other AV vendors do. 
Userlevel 7
It seems that you don't understand correctly the main philosophy (approach) of WSA protection.
 
Dormant files even if malicious but only sitting on your HD are harmless. However once executed WSA will catch them and handle them accordingly (block, delete, put to quarantine etc.).
 
As for the shield, the new web shield (based on BrightCloud technology) is being rolled out progressively and possibly you have not received it yet. Nevertheless you have "the old shield" that does its work still perfectly. On top of that there are other WSA modules/shields which are protecting you in the same time. So there is no reason to be somehow worried.
 
Last but not least, WSA is so good that you can use it alone what many users, including me, do. ;)
Userlevel 7
Badge +56
@ wrote:
"Here is the final version"? What does that mean? Did you provide a link? How is it that I have NO webshield at after 2 installs? Just like these users.
 
http://www.wilderssecurity.com/showthread.php?t=356072
 
I downloaded and installed WSA 2014. That should contain the 2013 webshield. It does not. Explain please. Thanks. 
Sorry if I'm going to be rude or blunt! What part of what I posted above that you don't understand? There is nothing more to say but have patience you will get the new Web Shield in time as that person had issues of getting the new Web Shield installed in Chrome so there are issues so the reason for a slow roll out. :@
 
Thanks,
 
Daniel
Userlevel 7
Hi GTR707
 
Welcome to the Community Forums :D
 
Sorry to hear that you have had a bad experience with WSA.  To try to get to the bottom of what you have seen (which I must say is most untypical in my experience) can you advise as to the precise actions that you undertook to get the result that you did.
 
Was the infection actual or are you just saying that WSA did not detect the malware at download?  Reason I ask is because WSA looks for active threats and a piece of malware that is on the disk but effectively dormant will not be detected (as it is not doing any harm).  However, should it try to activate/run then WSA will detect and jump into block if it identifies it as a threat.  If it cannot determine it as either good or bad it will switch to monitor mod, journalling any actions the monitored program undertakes and if a lter determination is that the program is bad then it will block it and then reverse the actions it has taken (nd were monitored) prior to the 'bad' determination.
 
Do not know if that helps explain what you may have seen, but please feel free to ask further questions and we at the Community will try to answer/explain. ;)
 
Regards
 
 
Baldrick
Userlevel 7
Hi GTR707
 
May I suggest that you open a Support Ticket and provide a synopsis of your issue(s).  At this stage I believe that they are the only source of assistance for your issue(s).
 
I will correct you on the point "What about the people that just spent $30-50 on WSA 2014? They dont even get a webshield?".  They DO get a web shield...it is the current one NOT the new one that is being rolled out progressively.
 
If you are using v8.0.4.24 then you are using the most current version...as I said before the new web shield is being rollout electronically and is not part of the current downloadable installer.
 
Finally, the roll back features are under the cover and their use is determined by WSA.  There is (thanksfully) not option for user control.  If you require that then I would suggest dedicated rollback software...there are a number available.
 
Open a ticket and see what the Support Team can do to help.
 
Regards
 
 
 
Baldrick
Userlevel 7
Hi dbrisendine
 
As TripleHelix said...the new functionality is coming...and I believe that they will be accelerating the tranches of user keycodes that get updated...as the monitor the current and are satisfied that the new shield is at least as good as the old one...and most likely better.
 
As TH said...patience is required.  I have two licenses for WSA...one has received the update, the other not yet. ;)
 
Regards
 
 
Baldrick
Userlevel 7
Badge +6
Are you saying the right-click scan is not showing any GUI menu, or that it's not detecting anything?
 
Static virus scans are not very effective, especially since the WSA technology stack does not have a heavy local analysis component. This is why WSA is the fastest on the market.
 
In order to test WSA effectiveness you need an isolated network and VM since it will require actually triggering execution and monitoring progression. At that point it will be detected, or sandboxed until it's detected. For this reason it's not possible for someone without a specialized setup to actually test functionality except by using EICAR test file. Ultimately, right click scans are artificial scenarios that can not be used to judge any company's antivirus suite's level of effectiveness. It just so happens that WSA is especially weak in this area because of it's different approach. What matters is the end result.
 
VirusTotal themselves have taken a position on this issue, which I've pasted below:
 
BAD IDEA: VirusTotal for antivirus/URL scannertestingAt VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:
  • VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
  • In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
  • Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.
These are just three examples illustrating why using VirusTotal for antivirus testing is a bad idea. The Prevx team also made an entry in their blog discussing the matter.
Userlevel 7
Badge +6
Hi GTR707,
As I stated in my previous post, static scans of executables sitting on a disk are not something you can judge an antivirus based on. Antivirus can only be truly measured in real-world conditions where a malicious executable is launched on physical hardware. This is the position of every major antivirus vendor, including Symantec, and even VirusTotal which provides the results of static scans. The antivirus testing organizations recognize this as well, and one is even redesigning their testing protocols to take into account the way that WSA works compared to other products.
 
Malware is such a complex problem with such complex solutions that it can not be tested simply. In fact, malware is designed to not do anything if it detects a testing scenario, further complicating issues.
 
In the nineties a method was developed to safely test if an antivirus is actually engaged in protecting a machine. It is called the EICAR test file and you can find it here. http://www.eicar.org/86-0-Intended-use.html
Userlevel 7
Badge +6
In the end, I care about malware's ability to infiltrate a machine after execution and stay in it.
 
If you care about deep local inspection of files and are not interested in other facets of the Webroot solution or approach, then I concede that this is definitely not a product for you. I completely respect that approach and I have in fact questioned Webroot directly about their static executable analysis and detection rates.
Userlevel 7
Badge +6
You are correct @ in that WSA does fall down when it comes to instant/static detection rates and that it's not a good thing.
My position is that their other innovations, user experience benefits, buttressing and final outcomes outweigh those negatives. But if that is a metric that you cannot compromise on then your opinion is perfectly reasonable.
Userlevel 7
It looks like our engineer had created a new keycode with the new extension on it. He provided instructions on how to ensure that it is activated.
 
 
Userlevel 2
Thank you Webroot support. Awesome turn around from the time of a submissions till the time my problem was resovled. Less then 24 hours. Never see that kind of support from ANY antivirus company. I was issued a new keycode which gave me the current 2014 web shield. Kudos. 
Userlevel 2
Forget it. I uninstalled it. Download some malware samples. System got infected. Does WSA even work? I thought it is suppose to be top notch? Going back to avast. Thanks anyways.
 
https://www.virustotal.com/en/file/125861730c2b28e6af2bb640b162bd5118b2e80f2456bdca24a1e18e4f40fbc7/analysis/1384923260/
Userlevel 2
Unless some has a resonable explaination. Thanks. 
Userlevel 6
Badge +22
Hi !
what are your versions of Chrome and IE ?
Userlevel 2
Normal plain old install. Completely removed avast using the avast uninstaller. Cleaned up any left overs and rebooted. Installed WSA and downloaded the eiar test file usign Chrome. No detection. No alarm. Downloaded using IE 11. No detection. No alarm. Nothing in logs. Did a scan and it was detected. Does WSA have website ratings when you Google stuff like WOT? How come there is no Chrome plugin to be found? Unisntalled WSA and tried again. Samething. Downloaded some malware samples and "none" where detected. All verifed using Virustotal. Scanned with MBAM and all 4 samples were detected. I was done with WSA. Mounted my stored image with avast. Sorry but I have tried every av out there and never have I ran accross something like this. Heck even Comodo detects more. Thanks anyways. 
Userlevel 2
I will ONLY reconsider WSA if the above problems are adressed. Why isnt there a webshield in Chrome or IE 11? I downloaded WSA after filling out the Bronocs giveway. Free for 6 months. I know no av is perfect. But 4 malware samples and NO detection is abusrd. Look at the Virustotal link. WSA did not blink an eye and over 30 other products dtect it.  I want to use WSA. But I am afraid to afriad this. Its obviously not just me when there are people at Wilders complaining about the samething. So are you saying there is webshield coming soon with site ratings? If so when? 
When I download and install a product it should work as designed. I have watched YouTube videos on WSA and see a webshield but not in my case. I have tried CIS,NIS,KIS,AIS,PCA and others. Never an issue. I felt like I had NO antivirus running at all. Right up there with MSE. I wanna see alarms going off and a webpage saying "malware blocked". Why was the eicar test not even detected when clicked on or when download was finished? 
 
And if WSA is so good then why do use KIS with it? It should be able to stand on its own. 
Userlevel 7
Hi GTR707
 
It appears that you mind is made up and so be it.  I have tried to explain that WSA works in a different way to 'traditional' AVs/ISs and what you are seeing is as a result of that.
 
I am not trying to convince you to change your mind; rather just responding to your assertion that "...there are people at Wilders complaining about the samething" by saying that there are 30+ million WSA users...and I do not think that 30+ million users (especially a good number of business users) would be using WSA if what you are saying is the case.
 
The roll out of the NEW (there is protection from the current one) Threat Shiled is being rolled out as we speak...and I suspect that alot of the comments & criticism that you are referring to is due to the fact that this si taking longer than expected and at present Webroot have not provided much indication of when users will get it/how long it will take.  This has been the subject of some serious communication between senior Forum members and the powers that be, etc.
 
Anyway, if you wish to become more accquainted with the way WSA works then please stick around...if not and your mind is made up I wish you well with whatever security app(s) you decide to go forward with...and a malware free experience. :D
 
All the best
 
 
Baldrick
Userlevel 7
In response to your question as to why use KIS as well...which I presume is from you checking my signature line...the answer is simple.
 
1. I beta test for Kaspersky as well, and prior to using WSA I used KIS, so have an attachment to it.
2. No one solution (even WSA...;)) is 100% secure and so I prefer a layered approach, as I believe do many others.
3. WSA is designed to be used on its own if the user so desires but it is also designed to co-exist/complement other
    AVs/ISs...something it does better than any other AV/IS I know of.
4. I beta test WSA and given 2. & 3. above it makes sense for me to run both.
5. Of the two laptops we also use in my family BOTH run ONLY WSA.  It is only the main, desktop system that runs both
    apps...and I feel safe on the laptops with just WSA...despite what I said in 2. above.
 
As I said earlier...I am not going to try to convince you as your mind is obvioulsy made up...that is your right & perogative.  If that is the case then you are welcome to stick around...but if you do please desist with the ranting...I contend that you have made your point...for anyone reading the thread to see.
 
As I said...I wish you well for the future...with or without WSA.
 
Regards
 
 
Baldrick
 
PS. I am not a Webroot employee, nor have any affiliation with the company other than being a user of WSA and a Community Forum member. 😉
Userlevel 2
I have not made up my mind as of yet and I am not abandoning WSA. But as of last night the Virustotal link I provided was not detected by WSA. Why isnt Webroot even mntioned in Virustotal? Is the new webshield gonna be a Chrome add on such as WOT? avast has a Chrome Ad on which works well. I am not trolling. I am concerned about my findings within an hour of using WSA. When should I reinstall WSA and when shall I trust it again? What about an IE 11 webshield? I was impressed at how quickiy WSA installed and how light it is. But I was completely unimprsssed when downloading maliscious links from malwaredomainlist and other various sites. Malc0de also. I never got one alert. Explain my findings please. I am not some dumb teen trolling along either. I am looking to purchase WSA but not willing to based on my findings. Thanks. 
 
FYI...............The file listed on Virustotal I provided was executed with NO detection. I was placed in my start up folder. Was succesfully remvoed with MBAM Free. 
Userlevel 2
Is there any known conflicts with HitmanPro.Alert or CryptoGaurd? Both were removed and still nothing from WSA. Removed prior to second installation. 
Userlevel 2
Why wasnt this folder even listed in my install? I unhid everything but could not find or see such a folder or enter. Please elaborate. Thanks. 
 
https:///t5/Webroot-SecureAnywhere-Internet/New-interface-web-site-list/m-p/59903#M1822
 
How can I get Webroot Filtering Extension  version 1.0.0.12?
 
http://www.wilderssecurity.com/showpost.php?p=2306115&postcount=88
Userlevel 7
Hi GTR707
 
Glad to hear that you are not a lost case...;)
 
If you have concerns about what you are seeing then I would take up the offer that Rakanisheu made in post 10.  If you provide him with what he has requested he can get to work to understand what is happening on your system.  You will be in good hands with him. :D
 
To answer the 1st question of your last post; because it is part of the NEW Web Threat Shield, and from the looks of things it has not yet been rolled out to your installation.
 
2nd question; you have to wait for it to be rolled out to you.  You may have seen in other threads/posts on the subject that there are some that have it and some who do not yet.  As I said previously senior member sof the Community are in contact with Webroot to try to get more infomation about where we are in the roll out and when it is expected to be complete...but with 30+ million users to update it has been taking a while and could go on for some time...unfortuantely all I can say at this time is...please be patient...if you decide to persist with WSA.
 
HTH?
 
regards
 
 
Baldrick
Userlevel 4
Badge +16
@ wrote:
Why wasnt this folder even listed in my install? I unhid everything but could not find or see such a folder or enter. Please elaborate. Thanks. 
 
https:///t5/Webroot-SecureAnywhere-Internet/New-interface-web-site-list/m-p/59903#M1822
 
How can I get Webroot Filtering Extension  version 1.0.0.12?
 
http://www.wilderssecurity.com/showpost.php?p=2306115&postcount=88
Not to hijack this thread but I have exactly the same issues as GTR707, so I am following this with great interest.  I would also like to hear the reason why a NEW clean install of the latest version (8.0.4.24) does not have a web shield component(s).  I understand the roll-out mentality of gradual replacement of current older builds BUT I (along with how many others?) am currently on a two week test of WSA and I find out that an important part of the 'shielding' is missing from the latest and greatest current version, to be added 'sometime in the future' when the backend server's logic says I can get it?  Why was this not triggered by the clean install of the latest version?  I would like to hear and understand the reason for leaving the newest (potential or otherwise) members / customers unprotected (even if it is to a lessor degree) than current past customers?  (And I have seen the argument about 'being protected by the older webfiltering shield' until the new one gets installed [I believe this was to an existing customer] but new installs have NO old webfiltering shield to fall back on.)
 
Maybe the other point is that it is not always great to show the general public parts of advanced builds (ie - BETAs or not fully released to the public) before they are included in current build / release (be it downloaded installed or 'pushed' from the backend server the moment the software becomes active).
 
Thanks.

Reply